The present invention relates to a signature technology for document data, and more particularly to a signature technology for document data suited to an information processing system of a thin client type.
In recent years, attention has been focused on an information processing system of a so-called thin client type. In the information processing system of the thin client type, a user accesses a local machine installed at home or company from a remote machine at hand, and uses terminal services provided from the local machine to operate a desktop of the local machine by remote control, thereby using various application programs and data stored in the local machine. Not only a desktop personal computer (PC), but also a blade PC (i.e., blade computer) equipped with no locally connected input/output devices (e.g., keyboard, mouse, and display), or the like, may be used as the local machine (refer to, for example, Japanese Patent Laid-open Publication No. 2003-337672).
There is an information processing system of a thin client type which enables use of only a printer, an external drive, an external memory, or the like, locally-connected to a local machine or through a network by using, as a remote machine, a PC of a so-called HDD-less type configured to inhibit local or network connection to a printer, an external drive, an external memory (excluding a storage apparatus which stores authentication information for using terminal services of a local machine). With this type of information processing system, the possibility of information leakage caused by theft of the remote machine or the like can be reduced.
However, when the information processing system of this type is applied to an electronic contract system, the following problems occur. That is, consideration will be given to a case where a user such as an insurance agent uses a remote machine lent to him/her to generate an electronic signature of an insured person for contract data. To generate the electronic signature of the insured person, a signature key (secret key) of the insured person is necessary. However, the remote machine is configured to inhibit local or network connection to a printer, an external drive, an external memory, or the like. Accordingly, for example, the user cannot fetch the signature key of the insured person stored in an external memory from the external memory of the insured person.
The signature key has conventionally been moved from a key generation mechanism to an owner by, for example, storing the signature key in the external memory and delivering it to its owner or transmitting the signature key to a terminal of its owner through cryptocommunication. Thus, the movement is accompanied by security risks.